CVE-2011-1006

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application.  NOTE: it is not clear whether this issue crosses privilege boundaries.
Severity: UNKNOWN
AV:L/AC:L/Au:N/C:C/I:C/A:C
Atk. Vector: LOCAL
Atk. Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
| Vendor | Product | Version |
|---|---|---|
| balbir_singh | libcgroup | 𝑥 ≤ 0.37 |
| balbir_singh | libcgroup | 0.1b |
| balbir_singh | libcgroup | 0.1c |
| balbir_singh | libcgroup | 0.2 |
| balbir_singh | libcgroup | 0.3 |
| balbir_singh | libcgroup | 0.31 |
| balbir_singh | libcgroup | 0.32 |
| balbir_singh | libcgroup | 0.32.1 |
| balbir_singh | libcgroup | 0.32.2 |
| balbir_singh | libcgroup | 0.33 |
| balbir_singh | libcgroup | 0.34 |
| balbir_singh | libcgroup | 0.35 |
| balbir_singh | libcgroup | 0.35.1 |
| balbir_singh | libcgroup | 0.36 |
| balbir_singh | libcgroup | 0.36.1 |
| balbir_singh | libcgroup | 0.36.2 |
| balbir_singh | libcgroup | 0.37 |

𝑥 = Vulnerable software versions
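Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libcgroup | bullseye | 0.41-11 | fixed |
| libcgroup | bookworm | 2.0.2-2 | fixed |
| libcgroup | sid | 3.1.0-2 | fixed |
| libcgroup | trixie | 3.1.0-2 | fixed |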
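Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| libcgroup | bionic | not-affected |
| libcgroup | artful | ignored |
| libcgroup | zesty | ignored |
| libcgroup | yakkety | ignored |
| libcgroup | xenial | not-affected |
| libcgroup | wily | ignored |
| libcgroup | vivid | ignored |
| libcgroup | utopic | ignored |
| libcgroup | trusty | not-affected |
| libcgroup | saucy | ignored |
| libcgroup | raring | ignored |
| libcgroup | quantal | ignored |
| libcgroup | precise | ignored |
| libcgroup | oneiric | ignored |
| libcgroup | natty | ignored |
| libcgroup | maverick | Fixed 0.36.2-3+squeeze1build0.10.10.1, released |
| libcgroup | lucid | ignored |
| libcgroup | karmic | ignored |
| libcgroup | hardy | dne |
| libcgroup | dapper | dne |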